Broken email delete button.

Here's a headstart for you:

js portion (which will delete the message container in which you click delete on)

function deleteEmail(emailId) {
    fetch(`/path/to/delete-email-endpoint.php?emailId=${emailId}`, {
        method: 'DELETE',
    })
    .then(response => response.json())
    .then(data => {
        if (data.success) {
            console.log(data.message);
            const messageElement = document.getElementById(`msg${emailId}`);
            if (messageElement) messageElement.remove();
        } else {
            console.error(data.error);
        }
    })
    .catch(error => console.error('Error:', error));
}

I'm not sure how you have your endpoints setup, but from looking at the ones for forward/reply I'd assume you'd have something like this:

<?php
session_start();

$response = [];

if (!isset($_SESSION['user_id'])) {
    $response['error'] = 'User not authenticated';
    echo json_encode($response);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'DELETE') {
    parse_str(file_get_contents("php://input"), $delete_vars);
    $emailId = $delete_vars['emailId'] ?? '';

    if (empty($emailId) || !is_numeric($emailId)) {
        $response['error'] = 'Valid Email ID is required';
    } else {
        if (deleteEmailById($emailId)) {
            $response['success'] = true;
            $response['message'] = 'Email deleted successfully';
        } else {
            $response['error'] = 'Failed to delete email';
        }
    }
} else {
    $response['error'] = 'Invalid request method';
}

echo json_encode($response);
?>

Includes validation with is_numeric ^ but requires a function of deleteEmailById (if you have some sort of utils class or posts class).

Or even better would be to have is

/inbox/12345678 (aka /noun/id)

w/ method DELETE which is more inline of REST api endpoints and leave the query strings for filters/sorting ect.

/dislike php :p

I do too.

I prefer python.